LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-08-2012, 04:14 AM   #256
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Mozilla Firefox Drag and Drop Handling Same Origin Policy Bypass Vulnerability


Quote:
Soroush Dalili has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error when handling drag and drop events and can be exploited to bypass the same origin policy and e.g. execute script code in the context of another domain.

The vulnerability is confirmed in version 9.0.1. Other versions may also be affected.
Secunia Advisory
 
Old 02-03-2012, 10:45 PM   #257
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Mozilla Firefox / Thunderbird Multiple Vulnerabilities

Quote:
A security issue and multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious, local users to disclose certain sensitive information and by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a user's system.
Secunia Advisory
 
Old 02-15-2012, 12:49 AM   #258
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Mozilla Firefox / Thunderbird / SeaMonkey XBL Binding Use-After-Free Vulnerability

Quote:
A vulnerability has been reported in multiple Mozilla products, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a use-after-free error in the "nsXBLDocumentInfo::ReadPrototypeBindings()" method when handling XBL bindings in a hash table and can be exploited to cause a cycle collector to call an invalid virtual function.

Successful exploitation may allow execution of arbitrary code.
Secunia Advisory
 
Old 02-19-2012, 01:51 PM   #259
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Mozilla Firefox / Thunderbird / Seamonkey libpng Integer Overflow

Quote:
Mozilla has acknowledged a vulnerability in Firefox, Thunderbird, and Seamonkey, which can be exploited by malicious people to potentially compromise a user's system.
Secunia Advisory | Mozilla Security Blog Post
 
Old 03-14-2012, 11:04 PM   #260
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities

Quote:
Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose certain sensitive information, and compromise a user's system.

1) A use-after-free error exists within shlwapi.dll when closing a child window that uses the file open dialog.

2) An error when handling certain drag and drop actions can be exploited to conduct cross-site scripting attacks.

3) A use-after-free error exists within the "nsSMILTimeValueSpec::ConvertBetweenTimeContainers()" function when handling certain SVG animation.

4) An out-of-bounds read error in SVG filters can be exploited to disclose certain data.

5) An error when handling Content Security Policy headers can be exploited to conduct cross-site scripting attacks.

6) An error when handling "javascript:" home page can be exploited to execute script code in "about:sessionrestore" context.

7) An unspecified error exists when accessing a keyframe's cssText after dynamic modification.

8) The window.fullScreen property does not properly enforce the mozRequestFullscreen policy, which can be exploited to bypass the policy and spoof certain content.

9) Multiple unspecified errors can be exploited to corrupt memory.

Successful exploitation of vulnerabilities #1, #3, #6, #7, and #9 may allow execution of arbitrary code.
Secunia Advisory
 
Old 03-15-2012, 12:15 AM   #261
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid
Posts: 4,732
Blog Entries: 12

Rep: Reputation: 455Reputation: 455Reputation: 455Reputation: 455Reputation: 455
Whew I was worried there for a second.

Quote:
Solution
Update or upgrade to Firefox versions 11.0 or 10.0.3, Thunderbird versions 11.0 or 10.0.3, and SeaMonkey version 2.8.

Firefox and Thunderbird updated yesterday on my laptop to 11, and on my phone/Kindle Fire to 10.0.3.
 
Old 04-25-2012, 08:30 AM   #262
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Firefox 12.0 has been released. It includes many security fixes. The relevant Secunia advisory is here.
Quote:
Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose certain system and sensitive information, bypass certain security restrictions, and compromise a user's system.
 
Old 11-22-2012, 10:15 PM   #263
lynxelec
LQ Newbie
 
Registered: Nov 2012
Location: Brisbane
Posts: 1

Rep: Reputation: Disabled
Im glad they are fixing these issues, i jumped ship from IE for these reasons and vun reports lately are a little uneasy, damn pops and crap that smash FF are annoying too nowdays
 
Old 09-12-2013, 03:36 AM   #264
janiali
LQ Newbie
 
Registered: Sep 2009
Posts: 6
Blog Entries: 1

Rep: Reputation: 0
What about the Red Report Malicious in firefox

Hi All Gurus

I have came across lot of time with the red screed which says Malicious information found and firefox don't open it but we can browse in other Browsers ?

one way we think it is good that firefox stop us to accessing that kind of page but at the other end most of the time there is nothing wrong with that website so what to do that time ?

regards
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Mozilla Thunderbird to Find New Home as Mozilla Foundation Focuses on Mozilla Firefox LXer Syndicated Linux News 0 07-27-2007 09:16 AM
LXer: Mozilla Firefox 1.5.0.8 and Mozilla Thunderbird 1.5.0.8 Released LXer Syndicated Linux News 0 11-09-2006 05:21 PM
LXer: Mozilla Corporation Signs Mozilla Firefox Distribution Deal with RealNetworks LXer Syndicated Linux News 0 08-03-2006 03:21 PM
LXer: Mozilla Firefox and Mozilla Thunderbird 1.5.0.5 Community Test Day LXer Syndicated Linux News 0 07-14-2006 08:54 AM
Mozilla flaws could allow attacks, data access into Firefox & Mozilla web browsers! t3gah Linux - Security 6 04-09-2006 04:00 AM


All times are GMT -5. The time now is 10:27 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration